• vortex@fed.dyne.org
    link
    fedilink
    arrow-up
    2
    ·
    12 days ago

    much prefer a solution that incorporates DNS TLSA resource records, rather than browser root certificate stores. That’s DANE, mm-ok? ;)

    • vortex@fed.dyne.org
      link
      fedilink
      arrow-up
      2
      ·
      12 days ago

      But regretfully, Peter Eckersley ex Chief Scientist at EFF seemed too invested in browsers being the ultimate hard-wired authority of trust on behalf of browser users when it came to root certificate stores. Not even considering initiatives such as CA-Cert.